27% of companies globally have suffered a data breach that cost them USD 1-20 million or more in the past three years. The percentage rises to 34% for companies in North America. Only 14% of firms globally report that no data breaches have occurred during the period, consultancy PwC’s annual Global Digital Trust Insights Survey shows.
The survey comprises 3 500 senior executives across 65 countries. The majority of executives surveyed said their organizations are continuing to increase their cyber budgets due to data breaches – 69% said the budget increased in 2022 and 65% plan to spend more on cyber in 2023. Increasing budgets reflect the fact that cybersecurity tops the agenda for resilience planning.
According to the survey, a catastrophic cyber attack ranks higher than global recession or another health crisis for organizations’ resilience planning, PwC says.
“Despite cyber attacks continuing to cost businesses millions of dollars, fewer than 40% of executives surveyed say they have fully mitigated cybersecurity risk exposure in a number of critical areas”, PwC says.
“This includes enabling remote and hybrid work (38% say the cyber risk is fully mitigated); accelerated cloud adoption (35%); increased use of internet of things (34%); increased digitisation of supply chain (32%) and back office operations (31%).”
Cybersecurity of the supply chain is a major concern for operations-focused executives. Nine in ten expressed concern about their organization’s ability to withstand a cyber attack that disrupts their supply chain, with 56% extremely or very concerned.
79% of organisations think a comparable and consistent format for mandatory disclosure of cyber incidents is necessary to gain stakeholder confidence and trust. 76% agree that increased reporting to investors will be a net benefit to the organisation and entire ecosystem.
76% also think governments should use the knowledge base from mandatory cyber attack disclosures to develop cyber defence techniques for the private sector.
“While there is a clear preference for mandatory disclosure of cyber incidents, fewer than half (42%) of executives surveyed are fully confident their organization can provide required information about a material/significant incident within the specified reporting period. There is also a hesitance to share too much information – 70% said greater public information sharing and transparency poses a risk and could lead to a loss of competitive advantage”, PwC reports.
“It’s clear from our survey that a higher level of public-private collaboration is needed to address the increasingly complex cyber threat landscape – companies are calling for increased information sharing and transparency as well as a consistent format for mandatory disclosure of cyber incidents”, says Sean Joyce, PwC’s Global Cybersecurity and Privacy Leader.
PwC says it’s not hard to see why cyber continues to move up the corporate agenda. The cost of cyber breaches goes much further than direct financial costs, according to marketing-oriented execs surveyed. The range of harm organizations have experienced due to a cyber breach or data privacy incident over the past three years includes loss of customers (cited by 27%), loss of customer data (25%) and reputational or brand damage (23%).
“There are three things that need to be put in place to keep pace with digital transformation and help build public trust: a strategic risk management program, continuity and contingency planning, and clear, consistent external reporting”, Joyce says.